package com.google.gerrit.httpd.rpc;

import com.google.common.collect.ListMultimap;
import com.google.common.collect.MultimapBuilder;
import com.google.gerrit.audit.AuditService;
import com.google.gerrit.audit.RpcAuditEvent;
import com.google.gerrit.common.TimeUtil;
import com.google.gerrit.common.audit.Audit;
import com.google.gerrit.common.auth.SignInRequired;
import com.google.gerrit.common.errors.NotSignedInException;
import com.google.gerrit.extensions.registration.DynamicItem;
import com.google.gerrit.httpd.WebSession;
import com.google.gerrit.server.AccessPath;
import com.google.gerrit.server.CurrentUser;
import com.google.gson.GsonBuilder;
import com.google.gwtjsonrpc.common.RemoteJsonService;
import com.google.gwtjsonrpc.server.ActiveCall;
import com.google.gwtjsonrpc.server.JsonServlet;
import com.google.gwtjsonrpc.server.MethodHandle;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import java.io.IOException;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jgit.diff.Edit;
import org.eclipse.jgit.diff.EditDeserializer;
import org.eclipse.jgit.lib.BranchConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/google/gerrit/httpd/rpc/GerritJsonServlet.class */
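/**
 * JSON-RPC servlet that ties every call to the caller's {@link WebSession}, enforces
 * {@link SignInRequired} before a method is invoked, and reports methods annotated with
 * {@link Audit} to the {@link AuditService} once the request has been served.
 *
 * <p>Security-relevant points a reader should keep in mind:
 *
 * <ul>
 *   <li>Only methods annotated with {@link SignInRequired} are rejected for anonymous callers in
 *       {@link #preInvoke(GerritCall)}; unannotated methods are not checked there.
 *   <li>Only methods annotated with {@link Audit} produce an audit event, and only the argument
 *       positions listed in {@code Audit.obfuscate()} are masked. All other arguments and the
 *       call result are handed to the audit service unmodified.
 *   <li>A failure while building or dispatching the audit event is logged and swallowed, so the
 *       request still completes but that event is lost.
 * </ul>
 */
public final class GerritJsonServlet extends JsonServlet<GerritCall> {
    private static final Logger log = LoggerFactory.getLogger(GerritJsonServlet.class);

    // Call being served on the current thread; set in createActiveCall, cleared in service().
    private static final ThreadLocal<GerritCall> currentCall = new ThreadLocal<>();

    // Optional per-thread override consulted by GerritCall.getMethod(). Nothing in this class
    // assigns it, so as shown getMethod() always falls back to super.getMethod().
    private static final ThreadLocal<MethodHandle> currentMethod = new ThreadLocal<>();

    private final DynamicItem<WebSession> session;
    private final RemoteJsonService service;
    private final AuditService audit;

    /**
     * One in-flight JSON-RPC call, bound to the web session that issued it and stamped with its
     * start time so the audit event can carry it.
     */
    public static class GerritCall extends ActiveCall {
        private final WebSession session;
        private final long when;

        // The library keeps these fields private; they are opened reflectively once per JVM so the
        // audit event can include the declaring service class and the call result. Either may be
        // null when reflection is refused, in which case the getters below return null.
        private static final Field resultField = getPrivateField(ActiveCall.class, "result");
        private static final Field methodField = getPrivateField(MethodHandle.class, "method");

        /**
         * Looks up a declared field and makes it accessible.
         *
         * @param cls class declaring the field
         * @param str field name
         * @return the accessible field, or {@code null} when it is missing or access is refused
         */
        private static Field getPrivateField(Class<?> cls, String str) {
            try {
                Field field = cls.getDeclaredField(str);
                field.setAccessible(true);
                return field;
            } catch (NoSuchFieldException | RuntimeException e) {
                // This runs from a static initializer: failing here would break class loading, so
                // degrade to "no field" but record which field failed and why.
                GerritJsonServlet.log.error(
                        "Unable to expose RPC/JSON field " + cls.getName() + "." + str, e);
                return null;
            }
        }

        /**
         * Returns the class that declares the invoked service method.
         *
         * @return the declaring class, or {@code null} when the method is not resolved or the
         *     reflective read fails
         */
        public Class<?> getMethodClass() {
            if (methodField == null) {
                return null;
            }
            MethodHandle handle = getMethod();
            if (handle == null) {
                // Field.get(null) on an instance field would throw NullPointerException.
                return null;
            }
            try {
                Method target = (Method) methodField.get(handle);
                return target != null ? target.getDeclaringClass() : null;
            } catch (IllegalAccessException e) {
                GerritJsonServlet.log.error("No permissions to access method field", e);
                return null;
            } catch (IllegalArgumentException e) {
                GerritJsonServlet.log.error("Cannot access method field", e);
                return null;
            }
        }

        /**
         * Returns the value of the private {@code result} field of {@link ActiveCall}.
         *
         * <p>The value is forwarded to the audit service unmodified; {@code Audit.obfuscate()}
         * applies to arguments only.
         *
         * @return the call result, or {@code null} when the reflective read fails
         */
        public Object getResult() {
            if (resultField == null) {
                return null;
            }
            try {
                return resultField.get(this);
            } catch (IllegalAccessException e) {
                GerritJsonServlet.log.error("No permissions to access result field", e);
                return null;
            } catch (IllegalArgumentException e) {
                GerritJsonServlet.log.error("Cannot access result field", e);
                return null;
            }
        }

        GerritCall(WebSession webSession, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
            super(httpServletRequest, httpServletResponse);
            this.session = webSession;
            this.when = TimeUtil.nowMs();
        }

        /** Returns the thread-local method override when one is set, else the parsed method. */
        @Override
        public MethodHandle getMethod() {
            MethodHandle override = GerritJsonServlet.currentMethod.get();
            return override != null ? override : super.getMethod();
        }

        /**
         * Routes a failure to the matching handler of {@link ActiveCall}.
         *
         * <p>{@link IllegalArgumentException} and {@link IllegalStateException} take the regular
         * failure path. Any other {@link RuntimeException}, and {@link OrmException}, go to
         * {@code onInternalFailure} (defined by the superclass, not shown here). Everything else
         * takes the regular path.
         */
        @Override
        public void onFailure(Throwable th) {
            boolean callerError =
                    th instanceof IllegalArgumentException || th instanceof IllegalStateException;
            boolean serverError = th instanceof OrmException || th instanceof RuntimeException;
            if (!callerError && serverError) {
                onInternalFailure(th);
            } else {
                super.onFailure(th);
            }
        }

        /**
         * Validates the XSRF token sent with the call against the session.
         *
         * <p>A missing or empty token is accepted only when the session is anonymous; a signed-in
         * session that omits the token is rejected. A supplied token is accepted only when the
         * session is signed in and the token passes {@code isValidXGerritAuth}. On success the
         * user's access path is set to {@link AccessPath#JSON_RPC}.
         *
         * @return {@code true} when the call may proceed
         */
        @Override
        public boolean xsrfValidate() {
            String xsrfKeyIn = getXsrfKeyIn();
            if (xsrfKeyIn == null || xsrfKeyIn.isEmpty()) {
                return !this.session.isSignedIn();
            }
            if (!this.session.isSignedIn() || !this.session.isValidXGerritAuth(xsrfKeyIn)) {
                return false;
            }
            this.session.getUser().setAccessPath(AccessPath.JSON_RPC);
            return true;
        }

        /** Returns the web session this call was created with. */
        public WebSession getWebSession() {
            return this.session;
        }

        /** Returns the start time of the call, in milliseconds as given by {@link TimeUtil#nowMs()}. */
        public long getWhen() {
            return this.when;
        }

        /** Returns the milliseconds elapsed since the call object was created. */
        public long getElapsed() {
            return TimeUtil.nowMs() - this.when;
        }
    }

    @Inject
    GerritJsonServlet(DynamicItem<WebSession> dynamicItem, RemoteJsonService remoteJsonService, AuditService auditService) {
        this.session = dynamicItem;
        this.service = remoteJsonService;
        this.audit = auditService;
    }

    /**
     * Creates the call object for a request and remembers it for the audit step.
     *
     * <p>The response is wrapped in {@code AuditedHttpServletResponse} because {@link #audit()}
     * later reads the HTTP status from that wrapper.
     */
    @Override
    public GerritCall createActiveCall(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        GerritCall gerritCall = new GerritCall(this.session.get(), httpServletRequest, new AuditedHttpServletResponse(httpServletResponse));
        currentCall.set(gerritCall);
        return gerritCall;
    }

    @Override
    protected GsonBuilder createGsonBuilder() {
        return gerritDefaultGsonBuilder();
    }

    /** Returns the default builder with a deserializer registered for JGit {@link Edit}. */
    private static GsonBuilder gerritDefaultGsonBuilder() {
        GsonBuilder builder = defaultGsonBuilder();
        builder.registerTypeAdapter(Edit.class, new EditDeserializer());
        return builder;
    }

    /**
     * Enforces {@link SignInRequired} before the service method runs.
     *
     * <p>For an annotated method the call must pass {@code requireXsrfValid()} and the session
     * must be signed in; otherwise the call is failed with {@link NotSignedInException}. Methods
     * without the annotation are not checked here.
     */
    @Override
    public void preInvoke(GerritCall gerritCall) {
        // The decompiler emitted a cast of the call to GerritJsonServlet here, which does not
        // compile (the types are unrelated); the call object itself is the argument.
        super.preInvoke(gerritCall);
        if (gerritCall.isComplete()) {
            return;
        }
        if (gerritCall.getMethod().getAnnotation(SignInRequired.class) == null) {
            return;
        }
        // Order matters: the XSRF check runs first and short-circuits the session lookup.
        if (!gerritCall.requireXsrfValid() || !this.session.get().isSignedIn()) {
            gerritCall.onFailure(new NotSignedInException());
        }
    }

    @Override
    protected Object createServiceHandle() {
        return this.service;
    }

    /** Serves the request, then always audits it and clears the per-thread call reference. */
    @Override
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        try {
            super.service(httpServletRequest, httpServletResponse);
        } finally {
            audit();
            // remove() rather than set(null): container threads are pooled, so the entry itself
            // should not outlive the request.
            currentCall.remove();
        }
    }

    /**
     * Dispatches an {@link RpcAuditEvent} for the current call when its method carries
     * {@link Audit}.
     *
     * <p>Never throws: any failure is logged and the event is dropped, so a broken audit sink
     * cannot fail the request. Operators who rely on the audit trail should alert on the
     * "Unable to log the call" error.
     */
    private void audit() {
        try {
            GerritCall call = currentCall.get();
            if (call == null) {
                // No call was registered on this thread for this request; nothing to audit.
                return;
            }
            MethodHandle method = call.getMethod();
            if (method == null) {
                return;
            }
            Audit note = method.getAnnotation(Audit.class);
            if (note == null) {
                return;
            }
            String sessionId = call.getWebSession().getSessionId();
            CurrentUser user = call.getWebSession().getUser();
            ListMultimap<String, ?> params = extractParams(note, call);
            String what = extractWhat(note, call);
            // NOTE(review): the HTTP method is passed for two consecutive constructor arguments;
            // confirm against the RpcAuditEvent constructor that this is intended.
            String httpMethod = call.getHttpServletRequest().getMethod();
            int status = ((AuditedHttpServletResponse) call.getHttpServletResponse()).getStatus();
            this.audit.dispatch(new RpcAuditEvent(sessionId, user, what, call.getWhen(), params, httpMethod, httpMethod, status, call.getResult()));
        } catch (Throwable th) {
            log.error("Unable to log the call", th);
        }
    }

    /**
     * Builds the audited argument map, keyed {@code "$0"}, {@code "$1"}, ... by position.
     *
     * <p>Only positions listed in {@code Audit.obfuscate()} are replaced by {@code "*****"};
     * every other argument reaches the audit sink as-is, so a method that takes a secret must
     * list that position in its annotation.
     *
     * @param audit annotation of the invoked method
     * @param gerritCall call whose arguments are recorded
     * @return positional arguments with the obfuscated positions masked
     */
    private ListMultimap<String, ?> extractParams(Audit audit, GerritCall gerritCall) {
        ListMultimap<String, Object> recorded = MultimapBuilder.hashKeys().arrayListValues().build();
        Object[] params = gerritCall.getParams();
        if (params != null) {
            // A null array would otherwise throw and cost the whole audit event.
            for (int i = 0; i < params.length; i++) {
                recorded.put("$" + i, params[i]);
            }
        }
        for (int masked : audit.obfuscate()) {
            String key = "$" + masked;
            recorded.removeAll(key);
            recorded.put(key, "*****");
        }
        return recorded;
    }

    /**
     * Builds the audited action name as {@code SimpleClassName.action}.
     *
     * <p>The action is {@code Audit.action()} when non-empty, otherwise the method name. When the
     * declaring class cannot be determined the class part is {@code <UNKNOWN_CLASS>}.
     */
    private String extractWhat(Audit audit, GerritCall gerritCall) {
        Class<?> methodClass = gerritCall.getMethodClass();
        String qualified = methodClass != null ? methodClass.getName() : "<UNKNOWN_CLASS>";
        // The decompiler substituted JGit's BranchConfig.LOCAL_REPOSITORY (the string ".") for
        // the package separator; the plain literal states the intent.
        String simpleName = qualified.substring(qualified.lastIndexOf('.') + 1);
        String action = audit.action();
        if (action.isEmpty()) {
            action = gerritCall.getMethod().getName();
        }
        return simpleName + "." + action;
    }
}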
